Wow – lots of serious security vulnerabilities discovered this week! In addition to Monday’s required WordPress core update, serious vulnerabilities have just been found in the widely used Jetpack plugin for WordPress. You can get the details on the Jetpack vulnerabilities from the Wordfence blog (which does a better job of explaining the security issues) and from the Jetpack site, which provides additional information about bug fixes. The three serious security vulnerabilities found in Jetpack 4.0.3 that are now fixed in v4.0.4 are:

a vulnerability that allowed an attacker to perform unauthorized changes to the “post by email” settings

a cross-site scripting (XSS) vulnerability in the Jetpack ‘Likes’ module

a vulnerability that made submitted feedback publicly available via the REST API